version 1.32, 2005/07/14 19:27:18 |
version 1.33, 2005/08/03 09:20:30 |
|
|
initializes the system so you can use S/Key one-time passwords to log in. |
initializes the system so you can use S/Key one-time passwords to log in. |
The program will ask you to enter a secret passphrase which is used by |
The program will ask you to enter a secret passphrase which is used by |
.Xr skey 1 |
.Xr skey 1 |
to generate one-time passwords; |
to generate one-time passwords: |
enter a phrase of several words in response. |
enter a phrase of several words in response. |
After the S/Key database |
After the S/Key database |
has been updated you can log in using either your regular password |
has been updated you can log in using either your regular password |
|
|
.Pp |
.Pp |
Before initializing an S/Key entry, the user must authenticate |
Before initializing an S/Key entry, the user must authenticate |
using either a standard password or an S/Key challenge. |
using either a standard password or an S/Key challenge. |
To use a one-time password for initial authentication, the |
To use a one-time password for initial authentication, |
.Dq Fl a Li skey |
.Ic skeyinit -a skey |
option can be used. |
can be used. |
The user will then be presented with the standard |
The user will then be presented with the standard |
S/Key challenge and allowed to proceed if it is correct. |
S/Key challenge and allowed to proceed if it is correct. |
.Pp |
.Pp |
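Review bot: In the new line `.Ic skeyinit -a skey`, the utility name and the flag are typed as literal text, so the flag loses the `.Fl` markup that the replaced line (`.Dq Fl a Li skey`) had and the name no longer comes from `.Nm`. Other parts of this page still use `.Nm` for the utility and `.Fl` for its options. Consider marking the name and flag with those macros here, or presenting the full command line as a displayed example, so that the rendering stays consistent.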
|
|
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl a Ar auth-type |
.It Fl a Ar auth-type |
Specify an authentication type such as |
Before an S/Key entry can be initialised, |
|
the user must authenticate themselves to the system. |
|
This option allows the authentication type to be specified, such as |
.Dq krb5 , |
.Dq krb5 , |
.Dq passwd , |
.Dq passwd , |
or |
or |
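Review bot: The two sentences added at the top of the `-a` entry ("Before an S/Key entry can be initialised, the user must authenticate themselves to the system.") repeat what the description paragraph already says ("Before initializing an S/Key entry, the user must authenticate using either a standard password or an S/Key challenge."). They also introduce the spelling "initialised" next to the existing "initializing". Suggest dropping the repeated sentence and starting the entry at "This option allows the authentication type to be specified", or at least using one spelling throughout.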
|
|
.It Fl r |
.It Fl r |
Removes the user's S/Key entry. |
Removes the user's S/Key entry. |
.It Fl s |
.It Fl s |
Set secure mode where the user is expected to have used a secure |
Secure mode. |
|
The user is expected to have already used a secure |
machine to generate the first one-time password. |
machine to generate the first one-time password. |
Without the |
Without the |
.Fl s |
.Fl s |
|
|
.Fl s |
.Fl s |
option also allows one to set the seed and count for complete |
option also allows one to set the seed and count for complete |
control of the parameters. |
control of the parameters. |
You can use |
.Pp |
.Ic skeyinit -s |
|
in combination with the |
|
.Nm skey |
|
command to set the seed and count if you do not like the defaults. |
|
To do this run |
|
.Nm |
|
in one window and put in your count and seed, then run |
|
.Nm skey |
|
in another window to generate the correct 6 English words for that |
|
count and seed. |
|
You can then "cut-and-paste" or type the words into the |
|
.Nm |
|
window. |
|
When the |
When the |
.Fl s |
.Fl s |
option is specified, |
option is specified, |
|
|
If a user has no entry in the S/Key database, an alternate authentication |
If a user has no entry in the S/Key database, an alternate authentication |
type must be specified via the |
type must be specified via the |
.Fl a |
.Fl a |
option. |
option |
|
(see above). |
Please note that entering a password or passphrase in plain text |
Please note that entering a password or passphrase in plain text |
defeats the purpose of using |
defeats the purpose of using |
.Dq secure |
.Dq secure |
mode. |
mode. |
|
.Pp |
|
You can use |
|
.Ic skeyinit -s |
|
in combination with the |
|
.Nm skey |
|
command to set the seed and count if you do not like the defaults. |
|
To do this run |
|
.Ic skeyinit -s |
|
in one window and put in your count and seed, then run |
|
.Xr skey 1 |
|
in another window to generate the correct 6 English words for that |
|
count and seed. |
|
You can then "cut-and-paste" or type the words into the |
|
.Nm |
|
window. |
.It Fl x |
.It Fl x |
Displays one-time passwords in hexadecimal instead of ASCII. |
Displays one-time passwords in hexadecimal instead of ASCII. |
.It Ar user |
.It Ar user |
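Review bot: The relocated paragraph ("To do this run `.Ic skeyinit -s` in one window ... then run `.Xr skey 1` in another window") now sits directly after the warning that entering a passphrase in plain text defeats the purpose of secure mode, but it does not say where the second window has to be. Since the `-s` text expects the one-time password to be generated on a secure machine, it would help to state that the window running skey must be on that machine and not inside the same remote session. Separately, the line "in combination with the `.Nm skey` command" was left as `.Nm skey`, while the later reference in the same paragraph was changed to `.Xr skey 1`; the first one should probably be converted too.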